Register | Log in

lasso

Choose email to subscribe with

general

source: lasso (main)
version: 2.9.0-3
maintainer: Frederic Peters (DMD) (LowNMU)
arch: any
std-ver: 4.7.2
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6.1-3
oldstable: 2.8.1-1
stable: 2.8.2-9
testing: 2.9.0-3
unstable: 2.9.0-3

versioned links

2.6.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.2-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.9.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

liblasso-perl
liblasso3-dev
liblasso3t64
python3-lasso

action needed

3 security issues in trixie high

There are 3 open security issues in trixie.

3 important issues:

CVE-2025-46404: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-46705: A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-47151: A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Created: 2025-11-06 Last update: 2025-11-07 21:01

4 security issues in bullseye high

There are 4 open security issues in bullseye.

4 important issues:

CVE-2025-46404: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-46705: A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-46784: A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-47151: A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Created: 2025-11-06 Last update: 2025-11-07 21:01

3 security issues in bookworm high

There are 3 open security issues in bookworm.

3 important issues:

CVE-2025-46404: A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-46705: A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVE-2025-47151: A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Created: 2025-11-06 Last update: 2025-11-07 21:01

news

[2025-08-25] lasso 2.9.0-3 MIGRATED to testing (Debian testing watch)
[2025-08-23] Accepted lasso 2.9.0-3 (source) into unstable (Frederic Peters)
[2025-08-23] lasso 2.9.0-2 MIGRATED to testing (Debian testing watch)
[2025-08-15] Accepted lasso 2.9.0-2 (source) into unstable (Frederic Peters)
[2025-08-15] Accepted lasso 2.9.0-1 (source) into unstable (Frederic Peters)
[2025-04-15] lasso 2.8.2-9 MIGRATED to testing (Debian testing watch)
[2025-04-12] Accepted lasso 2.8.2-9 (source) into unstable (Frederic Peters)
[2025-02-20] lasso 2.8.2-8 MIGRATED to testing (Debian testing watch)
[2025-02-17] Accepted lasso 2.8.2-8 (source) into unstable (Frederic Peters)
[2025-01-11] lasso 2.8.2-7 MIGRATED to testing (Debian testing watch)
[2025-01-09] Accepted lasso 2.8.2-7 (source) into unstable (Frederic Peters)
[2024-12-10] lasso 2.8.2-6 MIGRATED to testing (Debian testing watch)
[2024-12-07] Accepted lasso 2.8.2-6 (source) into unstable (Frederic Peters)
[2024-09-08] lasso 2.8.2-5 MIGRATED to testing (Debian testing watch)
[2024-09-05] Accepted lasso 2.8.2-5 (source) into unstable (Frederic Peters)
[2024-08-31] lasso 2.8.2-4 MIGRATED to testing (Debian testing watch)
[2024-08-29] Accepted lasso 2.8.2-4 (source) into unstable (Frederic Peters)
[2024-07-07] lasso 2.8.2-3 MIGRATED to testing (Debian testing watch)
[2024-07-05] Accepted lasso 2.8.2-3 (source) into unstable (Frederic Peters)
[2024-05-03] lasso 2.8.2-2 MIGRATED to testing (Debian testing watch)
[2024-03-02] Accepted lasso 2.8.2-2 (source) into unstable (Frederic Peters)
[2024-02-28] Accepted lasso 2.8.2-1.1 (source) into unstable (Lukas Märdian)
[2024-02-01] Accepted lasso 2.8.2-1.1~exp1 (source) into experimental (Graham Inggs)
[2024-01-01] lasso 2.8.2-1 MIGRATED to testing (Debian testing watch)
[2023-12-30] Accepted lasso 2.8.2-1 (source amd64) into unstable (Frederic Peters)
[2023-12-30] Accepted lasso 2.8.1-4 (source) into unstable (Frederic Peters)
[2023-12-29] Accepted lasso 2.8.1-3 (source) into unstable (Frederic Peters)
[2023-11-24] lasso 2.8.1-2 MIGRATED to testing (Debian testing watch)
[2023-11-22] Accepted lasso 2.8.1-2 (source) into unstable (Frederic Peters)
[2023-03-11] lasso 2.8.1-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.9.0-3
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing